Recently, a “targeted type cyber attack”, which targets a specific company for the purpose of confidential information theft or system destruction, has become a problem. A main route to intrude on the Information Technology (IT) of an organization being targeted is via electronic mail (hereinafter, simply called “e-mail”). An e-mail used to intrude is distinguished from a conventional spam e-mail which targets unspecified persons, and is called a “target-type e-mail”.
The target-type e-mail is not blocked by an existing anti-virus program or a spam filter. Hence, it is important to respond to such an e-mail at a user side (such as each employee). In this viewpoint, there is a service for sending a test e-mail pretending to be a standard type e-mail to each employee and for conducting feedback depending on a correspondence of each employee for the test e-mail. A technology is known in which if an e-mail includes a Uniform Resource Locator (URL) of a site which is suspected of being illegal, a warning screen and the URL of the site which is suspected of being illegal are displayed.
However, the test e-mail created is common for all employees, since it takes time to create an effective e-mail for each employee individually. In this case, the common e-mail is sent to all employees. Hence, the effectiveness depends on each of the employees. In the above described technology, it is difficult to create a test e-mail appropriately for each of the respective employees.